Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67629.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-67629
Upstream
Published
2024-04-16T21:15:08Z
Modified
2026-04-21T04:38:13.394537Z
Summary
CVE-2024-3660 affecting package keras 2.11.0-3
Details

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.

References

Affected packages

Azure Linux:2 / keras

Package

Name
keras
Purl
pkg:rpm/azure-linux/keras

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.11.0-3

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67629.json"